ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Visual Automation

v1.0.0

Automates Blender via Python scripts to create 3D assets, renders, and animations.

1· 221·1 current·1 all-time
by@flayzz
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Suspicious
medium confidence
!
Purpose & Capability
The skill claims to automate Blender and declares 'blender' and 'pwsh' as required binaries. The instructions, however, use a Windows PowerShell call operator and point to a specific Windows exe path ('C:\Program Files\Blender Foundation\Blender 5.0\blender-launcher.exe'). There's no OS restriction in the metadata and no explanation why pwsh is required on non-Windows systems. Also the required binary name ('blender') doesn't match the explicit 'blender-launcher.exe' path used in examples.
Instruction Scope
The SKILL.md focuses on generating Python scripts that import bpy and running Blender in background mode, which is consistent with the description. It directs saving assets to project folders (e.g., 'workspace-dev/website/assets/'), which is expected but could cause unwanted writes if not checked. Instructions are Windows-centric (PowerShell invocation and exact exe path) but give no alternative for macOS/Linux.
Install Mechanism
This is an instruction-only skill with no install spec and no code files, so nothing is written to disk by the skill itself during installation. That lowers install-time risk.
Credentials
The skill requests no environment variables or credentials, which aligns with its purpose. There are no declared config paths beyond an example asset path.
Persistence & Privilege
The skill is not marked 'always' and is user-invocable with normal autonomous invocation allowed. There is no evidence it requests elevated persistence or modifies other skills' configs.
What to consider before installing
This skill appears to do what it says (generate Blender Python scripts and render headsless), but there are mismatches you should resolve before installing: 1) Confirm your platform — the instructions use a Windows PowerShell command and an explicit Blender launcher path; if you run macOS/Linux, ask the author for equivalent commands or modify them yourself. 2) Verify which Blender executable to call ('blender' vs 'blender-launcher.exe') and whether pwsh is actually required. 3) Review any generated Python (.py) scripts before running them — Blender's embedded Python can execute arbitrary filesystem and network operations, so run in a sandbox or VM if you're unsure. 4) Ensure the asset output path is safe (don't allow writes to sensitive system or home directories). If the owner/source is unknown and you cannot confirm these issues, treat the skill as untrusted and test it in an isolated environment first.

Like a lobster shell, security has layers — review code before you run it.

latestvk971hwrxw92a7e01k4v4gdncfx82z29n

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Runtime requirements

Binsblender, pwsh

Comments